Cyber Threat Advisory: Counterfeit Hardware

By Kevin G. Coleman, spyops

Overview: Best Buy Digital Photo Frames Ship with Computer Virus

As reported in Jan. 2008, the Insignia NS-DPF10A digital photo frames, which connect to PCs via USB, were "contaminated with a computer virus during the manufacturing process," according to a notice posted on the company's website.

Seagate announced in November of 2007 that it had shipped 1,800 Trojan-Horse tainted drives. The malicious software was thought to be pre-loaded, possibly in a spy effort by the Chinese government.

The Taiwanese Investigation Bureau claims that the Maxtor Basics 500G discs, which are used by government agencies, have been found to contain Trojan horse viruses that automatically upload to Beijing websites.

The FBI arrested two Americans for running a computer hardware company that was selling counterfeit computer and networking parts manufactured in China. The phony parts had counterfeit labels and were delivered in counterfeit boxes. In most cases the fake gear was made in China and imported into the United States, where unethical resellers passed it off as legitimate Cisco hardware. A key point in this high-tech crime is that the two brothers had a contract to sell these parts to the Department of Defense and other government agencies. As the investigation progressed, U.S. and Canadian law enforcement authorities confiscated more than $75 million of counterfeit Cisco networking gear. The ongoing investigation, codenamed Operation Cisco Raider, has been active for nearly two years.

According to a white paper by KPMG and AGMA, counterfeit products account for nearly 10% of the overall IT products market. That would be over $100 billion annually. According to one source, over the previous two years the FBI's operation obtained 36 search warrants that identified about 3,500 counterfeit network components with a retail value of more than $3.5 million. Thus far the FBI's efforts have resulted in 10 convictions and $1.7 million in restitution, a far cry from the estimated $100 billion market for counterfeit products. Money may not be the motive behind these efforts. Counterfeit computer and networking gear has become a huge problem that could put networks and security, as well as health and safety, at risk. This is not a new issue: in 2005, ICE and CBP opened 28 investigations.

Few if any organizations would want to admit they've got counterfeit gear inside their IT operations. The fact is that counterfeit computer hardware and pirated software are everywhere. This fake equipment could easily contain cloaked backdoors or malicious code. This is one of the top five covert cyber espionage strategies and can be very effective. It is a top cyber attack strategy and is difficult to detect and defend against. Organizations with sensitive or classified information should contact their hardware vendor for details on how to spot counterfeit products.